Our mail server was originally set up using self-created certificates. However when those expired, and I tried to recreate them, the whole thing just blew up. Since I know it will be important, we are running a Debian server and postfix.
Now I see these errors generated in the mail logs:
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.cert
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/postfix/ssl/smtpd.cert','r'):
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
May 15 08:06:34 letterpress postfix/smtpd[22901]: warning: TLS library problem: 22901:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:
May 15 08:06:34 letterpress postfix/smtpd[22901]: cannot load RSA certificate and key data
And when trying to access email from a client like Thunderbird from outside our local network, you receive "Unable to connect to smtp server".
I have verified that the file /etc/postfix/ssl/smtpd.cert does exist. The current owner of the file is root:root
. Does this need to be changed?